Commit f2338e6b authored by Sonia Zorba

#2 Implemented basic token issuer page

parent 82ea0d6c
......@@ -56,4 +56,27 @@ class IdTokenBuilder {
return $payloadArr;
}
/**
* @param int $lifespan in hours
* @param string $audit target service
*/
public function generateNewToken(int $lifespan, string $audit) {
$keyPair = $this->locator->getJWKSDAO()->getNewestKeyPair();
$user = $this->locator->getSession()->getUser();
$iat = time();
$exp = $iat + $lifespan * 3600;
$payload = array(
'iss' => $this->locator->config->jwtIssuer,
'sub' => strval($user->id),
'iat' => $iat,
'exp' => $exp,
'aud' => $audit
);
return JWT::encode($payload, $keyPair->privateKey, $keyPair->alg, $keyPair->keyId);
}
}
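Review bot: generateNewToken derives `exp` from `$lifespan` with no range check, so a zero or negative value yields an already-expired token and an arbitrarily large one yields a bearer token that effectively never expires; since the only visible caller passes the value straight from a form, guard it here with `if ($lifespan < 1) { throw new \InvalidArgumentException('lifespan must be a positive number of hours'); }` (or clamp it to a configured maximum). The payload also carries no `jti`, so individual tokens cannot be told apart for audit or revocation; adding `'jti' => bin2hex(random_bytes(16))` is cheap if the consuming services can make use of it. The enclosing IdTokenBuilder class starts before this hunk, so the rest of the builder is not reviewed here.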
......@@ -47,5 +47,12 @@
"gms": {
"id": "gms",
"joinEndpoint": "http://localhost:8082/gms/ws/jwt/join"
},
"tokenIssuer": {
"services": [{
"id": "fileserver",
"label": "File Server"
}],
"lifespan": [1, 6, 12, 24]
}
}
......@@ -189,3 +189,7 @@ body {
padding-right: 10px;
max-height: 50px;
}
#token-issuer-btn {
margin-top: 20px;
}
\ No newline at end of file
......@@ -349,4 +349,54 @@ Flight::route('GET /account', function () {
}
});
Flight::route('GET /token-issuer', function () {
session_start();
if (empty($_SESSION['csrf_token'])) {
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
$csrfToken = $_SESSION['csrf_token'];
global $locator;
$user = $locator->getSession()->getUser();
$config = $locator->config->tokenIssuer;
if ($user === null) {
Flight::redirect('/');
} else {
$admin = $locator->getUserDAO()->isAdmin($user->id);
Flight::render('token-issuer.php', array('title' => 'RAP Token Issuer',
'version' => $locator->getVersion(), 'session' => $locator->getSession(),
'config' => $config, 'csrfToken' => $csrfToken,
'contextRoot' => $locator->config->contextRoot));
}
});
Flight::route('POST /token-issuer', function () {
session_start();
global $locator;
if (empty($_POST['csrf_token']) || !(hash_equals($_SESSION['csrf_token'], $_POST['csrf_token']))) {
throw new \RAP\UnauthorizedException("Invalid CSRF token");
}
if ($locator->getSession()->getUser() === null) {
throw new \RAP\UnauthorizedException("You must be registered to perform this action");
}
$postData = Flight::request()->data;
if (!isset($postData['lifespan']) || !isset($postData['audit'])) {
throw new \RAP\BadRequestException("Missing form parameter");
}
$tokenBuilder = $locator->getIdTokenBuilder();
$token = $tokenBuilder->generateNewToken($postData['lifespan'], $postData['audit']);
header('Content-Type: text/plain');
header("Content-disposition: attachment; filename=\"token.txt\"");
echo $token;
});
include 'admin.php';
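Review bot: The POST handler forwards `$postData['lifespan']` and `$postData['audit']` to generateNewToken without checking them against the `tokenIssuer` config that the GET route renders, so any logged-in user can mint a token for an arbitrary `aud` value and an arbitrary lifespan (a very large number gives a practically non-expiring bearer token; a non-numeric value would hit the `int` type hint and surface as a 500 rather than a 400). Validate both against `$locator->config->tokenIssuer->services` and `->lifespan` before calling the builder, and add `Cache-Control: no-store` so the downloaded token is not retained by browser or proxy caches. The rewrite below covers only the POST route; the GET route and the surrounding file are unchanged.
```php
Flight::route('POST /token-issuer', function () {
    // … unchanged: session_start, CSRF check, login check …
    $postData = Flight::request()->data;
    if (!isset($postData['lifespan']) || !isset($postData['audit'])) {
        throw new \RAP\BadRequestException("Missing form parameter");
    }
    // Only the services and durations offered by the config are valid inputs.
    $issuerConfig = $locator->config->tokenIssuer;
    $allowedAudiences = array_map(function ($s) { return $s->id; }, $issuerConfig->services);
    $allowedLifespans = array_map('intval', $issuerConfig->lifespan);
    $lifespan = filter_var($postData['lifespan'], FILTER_VALIDATE_INT);
    $audit = (string) $postData['audit'];
    if ($lifespan === false || !in_array($lifespan, $allowedLifespans, true)
            || !in_array($audit, $allowedAudiences, true)) {
        throw new \RAP\BadRequestException("Invalid lifespan or service");
    }
    $token = $locator->getIdTokenBuilder()->generateNewToken($lifespan, $audit);
    header('Content-Type: text/plain');
    header('Cache-Control: no-store'); // the token is a bearer credential
    header("Content-disposition: attachment; filename=\"token.txt\"");
    echo $token;
});
```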
......@@ -28,6 +28,7 @@
function loadTooltips() {
$('.primary-identity-icon').tooltip();
$('#join-btn').tooltip();
$('#token-issuer-btn').tooltip();
}
// When the document is loaded
......
......@@ -17,11 +17,22 @@ include 'include/header.php';
</div>
</div>
</div>
<div class="col-sm-2 text-center">
<div class="col-sm-2">
<div class="row">
<div class="col-sm-12">
<a class="btn btn-success" id="join-btn" href="<?php echo $contextRoot; ?>?action=join" title="Perform an additional login to join your identities" data-toggle="tooltip" data-placement="bottom">
Join with another identity
</a>
</div>
</div>
<div class="row">
<div class="col-sm-12">
<a class="btn btn-default" id="token-issuer-btn" href="<?php echo $contextRoot; ?>/token-issuer" title="Generate tokens for CLI" data-toggle="tooltip" data-placement="bottom">
Token issuer
</a>
</div>
</div>
</div>
<div class="col-sm-5">
<a href="logout" class="btn btn-primary pull-right">Logout</a>
</div>
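Review bot: The new token-issuer anchor interpolates `$contextRoot` into an href attribute with a bare `echo`, matching the existing join button but leaving the attribute unescaped; since it is a configuration value the risk is low, but `href="<?php echo htmlspecialchars($contextRoot, ENT_QUOTES, 'UTF-8'); ?>/token-issuer"` keeps the markup intact if the value ever contains a quote. The same treatment could be applied to the join-btn line while this block is being touched.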
......
<?php
include 'include/header.php';
?>
<div class="row">
<div class="col-sm-6 col-sm-offset-3">
<p>This panel can be used to generate tokens to be used from command line interfaces and desktop applications.</p>
<br/>
<div class="panel panel-default">
<div class="panel-heading">
<h3 class="panel-title">Token issuer</h3>
</div>
<div class="panel-body">
<form class="form-horizontal" action="<?php echo $contextRoot . '/token-issuer'; ?>" method="post">
<div class="form-group">
<label for="service" class="col-sm-4 control-label">Service</label>
<div class="col-sm-8">
<select class="form-control" id="service" name="audit">
<?php
foreach ($config->services as $service) {
echo "<option value=\"$service->id\">$service->label</option>";
}
?>
</select>
</div>
</div>
<div class="form-group">
<label for="lifespan" class="col-sm-4 control-label">Duration (hours)</label>
<div class="col-sm-8">
<select class="form-control" id="lifespan" name="lifespan">
<?php
foreach ($config->lifespans as $lifespan) {
echo "<option>$lifespan</option>";
}
?>
</select>
</div>
</div>
<div class="form-group">
<div class="col-sm-8 col-sm-offset-4">
<input type="submit" class="btn btn-primary" value="Download token" />
</div>
</div>
<input type="hidden" value="<?php echo $csrfToken; ?>" name="csrf_token" />
</form>
</div>
</div>
<br/>
<p class="text-center">
<strong>
<a href="<?php echo $contextRoot . '/account'; ?>">Back to account manager</a>
</strong>
</p>
</div>
</div>
<?php
include 'include/footer.php';
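Review bot: The duration `<select>` iterates `$config->lifespans`, but the config added in this commit defines the key as `lifespan` (`"lifespan": [1, 6, 12, 24]`), so as written the foreach runs over null, emits a warning and renders an empty dropdown; change it to `foreach ($config->lifespan as $lifespan)` or rename the config key so the two agree. The option lines also echo `$service->id`, `$service->label` and `$lifespan` directly into HTML; they come from configuration rather than the request, but `echo '<option value="' . htmlspecialchars($service->id, ENT_QUOTES, 'UTF-8') . '">' . htmlspecialchars($service->label, ENT_QUOTES, 'UTF-8') . '</option>';` prevents a label containing a quote or angle bracket from breaking the page. `$csrfToken` is hex output from `bin2hex`, so echoing it unescaped is safe as things stand, though escaping it costs nothing. This file's header line is not visible in this view, so it is read here as a newly added template.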